LDAP password changes report success but never actually update

Nextcloud version (eg, 20.0.5): 29.0.0.19
Operating system and version (eg, Ubuntu 20.04): Ubuntu 22.04
Apache or nginx version (eg, Apache 2.4.25): nginx 1.18.0
PHP version (eg, 7.4): 8.1.2

The issue you are facing:

I have LDAP authentication set up and functioning as expected. Using phpldapadmin installed on the same machine using the same version of php and nginx, I can change user passwords (sending cleartext and letting the ppolicy overlay encrypt to argon2) when logged in as the individual users or when logged in using the bind_dn and password as configured in my nextcloud instance.

When I attempt to change the password of an individual user, either as the user or administratively, the UI reports success. However, the password does not actually get updated.

If I attempt to change a password via the cli, I get the following:

# sudo -u www-data php occ user:resetpassword test
Enter a new password:
Confirm the new password:
Error while resetting password!

The pasted error from my nextcloud.log file (included further down) shows up immediately after running the occ command and prior to entering the password.

This same message shows up in the logs constantly when the ‘Write support for LDAP’ app is activated. When it is deactivated, the errors stop, but unsurprisingly, I still cannot update LDAP passwords.

I am looking for any insight that can be provided. I’ve started digging into all of the relevant code, but having never developed an app for nextcloud it is pretty slow going. I just don’t know enough about the internals to really get a handle on what is causing this to occur. My guess is that something changed in nextcloud which has broken the ‘Write support for LDAP’ app but I really don’t know. Any insight anyone can provide would be appreciated!

Is this the first time you’ve seen this error? (Y/N): Yes, but I’ve also never not seen it… :slight_smile:

Steps to replicate it:

  1. Install the ‘LDAP user and group backend’ and ‘Write support for LDAP’ apps
  2. Configure them
  3. Try to change the password of any LDAP user in any way.

The output of your Nextcloud log in Admin > Logging:

[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	PUT /ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json
	from ******** by ******** at May 21, 2024, 8:24:59 AM
[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	from ? by -- at May 21, 2024, 8:24:59 AM
[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	GET /ocs/v2.php/apps/notifications/api/v2/notifications
	from ******** by ******** at May 21, 2024, 8:25:02 AM
[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	from ? by -- at May 21, 2024, 8:25:02 AM
[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	GET /ocs/v2.php/apps/notifications/api/v2/notifications
	from ******** by ******** at May 21, 2024, 8:25:32 AM
[no app in context] Fatal: Could not boot user_ldap: No LDAP provider is available
	PROPFIND /remote.php/dav/files/********
	from ******** by -- at May 21, 2024, 8:25:32 AM

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => '********',
    'port' => '6379',
    'user' => 'default',
    'password' => '********',
    'dbindex' => 0,
    'timeout' => 1.5,
    'read_timeout' => 1.5,
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtphost' => '********',
  'mail_smtpport' => '587',
  'mail_smtpsecure' => 'tls',
  'mail_smtpauth' => true,
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpname' => 'admin',
  'mail_from_address' => 'admin',
  'mail_domain' => '********',
  'mail_smtppassword' => '********',
  'upgrade.disable-web' => true,
  'passwordsalt' => '********',
  'secret' => '********',
  'trusted_domains' =>
  array (
    0 => 'cloud.apomorph.com',
    1 => '0.0.0.0/0',
  ),
  'datadirectory' => '/mnt/data/var/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '29.0.0.19',
  'overwrite.cli.url' => 'https://********',
  'overwriteprotocol' => 'https',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'instanceid' => '********',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '********',
  'installed' => true,
  'maintenance_window_start' => 7,
  'default_phone_region' => 'US',
  'loglevel' => 2,
  'maintenance' => false,
  'filesystem_check_changes' => 1,
);

The output of your Apache/nginx/system log in /var/log/____:

2024/05/21 08:12:45 [error] 724558#724558: *11025 open() "/mnt/data/var/nextcloud/html/index.php/apps/files/preview-service-worker.js" failed (20: Not a directory), client: ********, server: ********, request: "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1", host: "********"
2024/05/21 08:24:45 [error] 724558#724558: *11071 open() "/mnt/data/var/nextcloud/html/index.php/apps/files/preview-service-worker.js" failed (20: Not a directory), client: ********, server: ********, request: "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1", host: "********"
2024/05/21 08:36:45 [error] 724558#724558: *11130 open() "/mnt/data/var/nextcloud/html/index.php/apps/files/preview-service-worker.js" failed (20: Not a directory), client: ********, server: ********, request: "GET /index.php/apps/files/preview-service-worker.js HTTP/1.1", host: "********"

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{
  "reqId": "RvyedNgsXtotVHU2XlRK",
  "level": 4,
  "time": "2024-05-21T08:25:02+00:00",
  "remoteAddr": "",
  "user": "--",
  "app": "no app in context",
  "method": "",
  "url": "--",
  "message": "Could not boot user_ldap: No LDAP provider is available",
  "userAgent": "--",
  "version": "29.0.0.19",
  "exception": {
    "Exception": "Exception",
    "Message": "No LDAP provider is available",
    "Code": 0,
    "Trace": [
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/Server.php",
        "line": 1083,
        "function": "getLDAPProvider",
        "class": "OC\\LDAP\\NullLDAPProviderFactory",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 175,
        "function": "OC\\{closure}",
        "class": "OC\\Server",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/mnt/data/var/nextcloud/html/3rdparty/pimple/pimple/src/Pimple/Container.php",
        "line": 122,
        "function": "OC\\AppFramework\\Utility\\{closure}",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 142,
        "function": "offsetGet",
        "class": "Pimple\\Container",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/ServerContainer.php",
        "line": 173,
        "function": "query",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/DependencyInjection/DIContainer.php",
        "line": 445,
        "function": "query",
        "class": "OC\\ServerContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 96,
        "function": "query",
        "class": "OC\\AppFramework\\DependencyInjection\\DIContainer",
        "type": "->"
      },
      {
        "function": "OC\\AppFramework\\Utility\\{closure}",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 120,
        "function": "array_map"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 128,
        "function": "buildClass",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 146,
        "function": "resolve",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/DependencyInjection/DIContainer.php",
        "line": 470,
        "function": "query",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/DependencyInjection/DIContainer.php",
        "line": 442,
        "function": "queryNoFallback",
        "class": "OC\\AppFramework\\DependencyInjection\\DIContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 96,
        "function": "query",
        "class": "OC\\AppFramework\\DependencyInjection\\DIContainer",
        "type": "->"
      },
      {
        "function": "OC\\AppFramework\\Utility\\{closure}",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 120,
        "function": "array_map"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 128,
        "function": "buildClass",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Utility/SimpleContainer.php",
        "line": 146,
        "function": "resolve",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/DependencyInjection/DIContainer.php",
        "line": 470,
        "function": "query",
        "class": "OC\\AppFramework\\Utility\\SimpleContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/ServerContainer.php",
        "line": 155,
        "function": "queryNoFallback",
        "class": "OC\\AppFramework\\DependencyInjection\\DIContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/EventDispatcher/ServiceEventListener.php",
        "line": 70,
        "function": "query",
        "class": "OC\\ServerContainer",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
        "line": 230,
        "function": "__invoke",
        "class": "OC\\EventDispatcher\\ServiceEventListener",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/3rdparty/symfony/event-dispatcher/EventDispatcher.php",
        "line": 59,
        "function": "callListeners",
        "class": "Symfony\\Component\\EventDispatcher\\EventDispatcher",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/EventDispatcher/EventDispatcher.php",
        "line": 86,
        "function": "dispatch",
        "class": "Symfony\\Component\\EventDispatcher\\EventDispatcher",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/EventDispatcher/EventDispatcher.php",
        "line": 98,
        "function": "dispatch",
        "class": "OC\\EventDispatcher\\EventDispatcher",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/apps/user_ldap/lib/AppInfo/Application.php",
        "line": 143,
        "function": "dispatchTyped",
        "class": "OC\\EventDispatcher\\EventDispatcher",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Bootstrap/FunctionInjector.php",
        "line": 66,
        "function": "OCA\\User_LDAP\\AppInfo\\{closure}",
        "class": "OCA\\User_LDAP\\AppInfo\\Application",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Bootstrap/BootContext.php",
        "line": 50,
        "function": "injectFn",
        "class": "OC\\AppFramework\\Bootstrap\\FunctionInjector",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/apps/user_ldap/lib/AppInfo/Application.php",
        "line": 147,
        "function": "injectFn",
        "class": "OC\\AppFramework\\Bootstrap\\BootContext",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/AppFramework/Bootstrap/Coordinator.php",
        "line": 200,
        "function": "boot",
        "class": "OCA\\User_LDAP\\AppInfo\\Application",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/App/AppManager.php",
        "line": 437,
        "function": "bootApp",
        "class": "OC\\AppFramework\\Bootstrap\\Coordinator",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/lib/private/App/AppManager.php",
        "line": 216,
        "function": "loadApp",
        "class": "OC\\App\\AppManager",
        "type": "->"
      },
      {
        "file": "/mnt/data/var/nextcloud/html/cron.php",
        "line": 78,
        "function": "loadApps",
        "class": "OC\\App\\AppManager",
        "type": "->"
      }
    ],
    "File": "/mnt/data/var/nextcloud/html/lib/private/LDAP/NullLDAPProviderFactory.php",
    "Line": 36,
    "message": "Could not boot user_ldap: No LDAP provider is available",
    "exception": {},
    "CustomMessage": "Could not boot user_ldap: No LDAP provider is available"
  }
}

Can you post the output of occ config:list system?

Based on the error output, it sort of sounds like the ldapProviderFactory value set at app installation time is missing.


Also just to confirm: have you seen the item titled Enable LDAP password changes per user in this section of the LDAP chapter? User authentication with LDAP — Nextcloud latest Administration Manual latest documentation


Unrelated but:

Are you sure 0.0.0.0/0 is what you want here?

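The two configuration points raised in the reply above (a missing `ldapProviderFactory` value and the `0.0.0.0/0` entry in `trusted_domains`) can be checked mechanically against the JSON printed by `occ config:list system`. This is an added example, not part of the original thread or of Nextcloud's code; the function names and both sample documents are constructed for illustration, and the check only tests whether the key is present, not whether its value is correct.

```python
import ipaddress
import json


def is_catch_all(entry):
    """True for a trusted_domains entry that matches every host or address."""
    if not isinstance(entry, str):
        return False
    entry = entry.strip()
    if entry == "*":
        return True
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # ordinary hostname, not an IP or CIDR range
    # A bare IP parses as /32 or /128; only an explicit /0 covers everything.
    return "/" in entry and net.prefixlen == 0


def audit_system_config(occ_json):
    """Return findings for JSON text produced by `occ config:list system`."""
    system = json.loads(occ_json).get("system", {})
    findings = []

    # The reply's hypothesis: this key is missing from the system config.
    factory = system.get("ldapProviderFactory")
    if not isinstance(factory, str) or not factory.strip():
        findings.append("ldapProviderFactory is not set in the system config")

    domains = system.get("trusted_domains", [])
    if isinstance(domains, dict):  # numeric-keyed PHP arrays may serialise as objects
        domains = list(domains.values())
    for entry in domains:
        if is_catch_all(entry):
            findings.append(f"trusted_domains contains catch-all entry {entry!r}")
    return findings


# Constructed samples, trimmed to the keys under discussion.
SAMPLE_AS_POSTED = json.dumps({"system": {
    "version": "29.0.0.19",
    "trusted_domains": ["cloud.example.org", "0.0.0.0/0"],
}})
SAMPLE_EXPECTED = json.dumps({"system": {
    "version": "29.0.0.19",
    "trusted_domains": ["cloud.example.org"],
    "ldapProviderFactory": "<class name written by user_ldap>",  # placeholder
}})

if __name__ == "__main__":
    for name, doc in (("as posted", SAMPLE_AS_POSTED), ("expected", SAMPLE_EXPECTED)):
        print(name, audit_system_config(doc) or "no findings")
```

On a live system the input would be the output of `sudo -u www-data php occ config:list system`, saved to a file and passed to `audit_system_config` as a string.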

Sure thing:

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "user": "default",
            "password": "***REMOVED SENSITIVE VALUE***",
            "dbindex": 0,
            "timeout": 1.5,
            "read_timeout": 1.5
        },
        "mail_smtpmode": "smtp",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "upgrade.disable-web": true,
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.apomorph.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "29.0.0.19",
        "overwrite.cli.url": "https:\/\/cloud.apomorph.com",
        "overwriteprotocol": "https",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance_window_start": 7,
        "default_phone_region": "US",
        "loglevel": 2,
        "maintenance": false,
        "filesystem_check_changes": 1
    }
}

I will investigate the ldapProviderFactory angle and see what I can turn up. I think it is supposed to be pulling in the config from the user_ldap and is not getting it for whatever reason. The config for the ldap_write_support app doesn’t have any of the connection settings. But this is all pretty foreign to me.

I have seen and gone through that ‘Enable LDAP password changes per user’ and I believe I have everything set up correctly for that. I do have that specific box checked and if I uncheck it, the admin facing user editor doesn’t give me the option to change the password. I’ve reconfirmed that unchecking and rechecking that box does not change the behavior – attempts to change the password in the admin ui report success while the password in LDAP does not update and I see the same error continue in the logs. I have tried uninstalling and reinstalling the ldap_write_support app and that does not make any difference. I did file ldap_write_support not working with nextcloud 29.0.0.19 · Issue #740 · nextcloud/ldap_write_support · GitHub (looks like you probably already saw that :slight_smile:)

I did remove 0.0.0.0/0 from the trusted hosts. I had added that after a reinstall where I had a number of clients configured that were attempting to connect with an old pw and causing me to get blocked (seems like the bruteforce app was in effect even though it was not showing as enabled). But regardless, I had forgotten to remove that – I appreciate the catch and the response as a whole!

I gave up supporting password changes from NC to LDAP. For one, I could not get it to properly support SSHA. And secondly because I also needed other registration and self-service features entirely, I ended up with pwm-tool instead.

It looks like there’s an issue with the LDAP provider configuration in your Nextcloud instance. The error ‘No LDAP provider is available’ suggests Nextcloud can’t find the LDAP server. Check your LDAP settings in Nextcloud, ensure the server is running, and review recent changes. For more help, consult Nextcloud’s documentation on LDAP authentication troubleshooting.